[ISN] Security Megers Shift Product Lines

From: mea culpa (jerichoat_private)
Date: Thu Jan 07 1999 - 16:42:58 PST

  • Next message: mea culpa: "Re: [ISN] Think tank warns of cyberterrorist plots"

    http://www.internetworld.com/print/current/infrastructure/19990104-security.html                 
    Security Megers Shift Product Lines
    by Lawrence D. Dietz
    January 4, 1999
    
    With a growing number of large corporations seeking security products and
    services from one source, vendors are striving to meet that demand. 
                                                      
    In many cases, vendors will be offering products in 1999 that are the
    result of technologies acquired last year. 
                                                      
    For example, Network Associates acquired Dr. Solomon's for its virus
    detection software, Security Networks Inc. for its vulnerability
    assessment products, and Trusted Information Systems for its firewalls. 
                                                      
    Meanwhile, Axent merged with Raptor, another firewall vendor, and
    strengthened its professional services group by acquiring Secure Network
    Consulting. 
                                                      
    Other companies to watch include VeriSign, which joined the professional
    services group bandwagon when it picked up SecureIT of Atlanta, and
    Security Dynamics, which acquired Intrusion Detection Inc. to enter the
    vulnerability and scanning sector. 
                                                      
    Another likely impact of these mergers and acquisitions will be a split in
    the market. 
                                                      
    On one hand, corporations will work with large vendors that provide a wide
    range of products and sources. Yet they will be able to turn to speciality
    vendors that offer a "best-in-class" solution for unique security
    requirements. 
                                                      
    Other security vendors, including large networking vendors and Internet
    service providers, will be offering products and services for companies
    that do not have the capability of setting up their own secure networks. 
                                                      
    For example, GTE Internetworking has a suite of five security consulting
    services, including security design and implementation, penetration, and
    testing. 
                                                      
    "Our SecureNet offerings help customers lower network operating costs,
    effectively manage information and technology risks, and reduce the time
    it takes to get a secure network up and running," said Adam Lipson,
    director, professional services, at GTE CyberTrust. 
                                                      
    To round out their product offerings, companies are establishing
    partnerships. 
                                                      
    Specialty IS vendors such as Check Point Software and Internet Security
    Systems are integrating complementary products. 
                                                      
    Vendors with a broad IS product line, such as Network Associates, are
    working with complementary service providers such as Ernst & Young. For
    example, Ernst & Young will identify unique attacks and vulnerabilities
    using Network Associates' CyberCop product. The information will become
    part of an Ernst & Young library that will be shared with customers. 
                                                      
    With the rise of electronic commerce, some analysts are also predicting
    that the greatest growth area for security products will involve public
    key infrastructures and certificate authorities. 
                                                      
    International concerns
    
    Because many corporations have global operations, many information
    security managers will be dealing with regulations from a number of
    political jurisdictions. 
                                                      
    The European Union, for example, has a privacy policy that is considered
    to be far more stringent than policies in the United States. 
                                                      
    Web site operators in the European Union must have a privacy policy
    prominently posted and adhere to it, and organizations there are
    prohibited from exporting data to any destination that does not have the
    same protection in place. 
                                                      
    For companies and organizations that need consumer data for their
    operations, this is an important issue. As a result, the complex data
    privacy laws will require greater attention and will likely drive legal
    costs higher in 1999 and beyond. 
                                                      
    Export regulation for such technology as encryption products is another
    area likely to be important in 1999. 
                                                      
    The struggle continues between the U.S. government, with its desire for
    stronger export restrictions, and U.S. vendors with their desire for less
    restriction. So far, the government seems to be winning. 
                                                      
    As a result, U.S. firms will need to continue monitoring the type of
    encryption software used abroad and look for products that will work with
    any "standard" encryption algorithm allowing for agility in employing
    export-legal software. 
                                                      
    Y2K: Bonanza or disaster?  Organizational efforts focusing on the Y2K
    problem will have uncertain effects on information security. 
                                                      
    Many industries and organizations are ahead of the power curve and have
    instituted strong compliance measures so that the turn of the clock from
    Dec. 31, 1999, to Jan. 1, 2000, will be a non-event. 
                                                      
    Some information security managers might be able to reallocate budget
    dollars from unused Y2K projects to needed security projects. 
                                                      
    IS managers working at organizations that failed to address Y2K problems
    might find their third- and fourth-quarter budgets summarily redirected to
    mission-critical applications in need of updates. 
                                                      
    Perhaps the greatest uncertainty of Y2K is how many hackers plan to use
    the uncertainty surrounding the date change to cover their own nefarious
    activities. 
                                                      
    Lawrence D. Dietz is director, information security and legal strategies,
    of Santa Clara consulting firm Current Analysis. His biweekly column, The
    Security Professional, will begin in the next issue.  You can contact him
    at ldietzat_private 
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:15:18 PDT